NNSquad - Network Neutrality Squad
[ NNSquad ] Monitoring user logins via unsecure Wi-Fi networks
Monitoring user logins via unsecure Wi-Fi networks
http://bit.ly/cVyYrK (Techcrunch - "An AOL Company")
The existence of the exploit ("Firesheep") described at
http://bit.ly/d7nPNH (Code Butler) should surprise nobody.
The browser plugin "workaround" described at the Techcrunch/AOL link
is useful as a transitional tool in the absence of integral crypto
protection, but what percentage of vulnerable users will be using it
in the long run?
Unsecured Wi-Fi is ... unsecure. Unless end-to-end connections (wired
and wireless) are protected by strong encryption (and that does not
necessarily means SSL/TLS within the current certificate-based PKI
with all its problems) users will be increasingly vulnerable.
I'm now waiting for the privacy commissioners and other parties who
have had such a field day crucifying Google over *accidental* Wi-Fi
payload data collection to take a similar hard line against Firesheep
and the multitude of other purpose-built Wi-Fi payload monitoring tools
available for all manner of applications both fair and foul.
--Lauren--
Lauren Weinstein (lauren@vortex.com)
http://www.vortex.com/lauren
Tel: +1 (818) 225-2800
Co-Founder, PFIR (People For Internet Responsibility): http://www.pfir.org
Co-Founder, NNSquad (Network Neutrality Squad): http://www.nnsquad.org
Founder, GCTIP (Global Coalition for Transparent Internet Performance):
http://www.gctip.org
Founder, PRIVACY Forum: http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein
Google Buzz: http://bit.ly/lauren-buzz